Check Point Research (CPR), its Threat Intelligence division Check Point Software Technologies Ltd. global cybersecurity solutions provider, has released its Brand Phishing Report for the third quarter of 2022.
The report shows the brands most often imitated by criminals in their attempts to steal people's personal information or payment credentials during July, August and September.
While LinkedIn was the most imitated brand in both the first and second quarters of 2022, shipping company DHL took the top spot in the third quarter, accounting for 22% of all phishing attempts worldwide. Microsoft is in second place (16%) and LinkedIn has dropped to third, accounting for just 11% of fraud, compared to 52% in Q1 and 45% in Q2.
DHL's rise could be due in part to a major global fraud and attack Phishing about which the company itself warned a few days before the start of the quarter. Instagram also appeared in the top ten list for the first time this quarter, after a phishing campaign related to the "blue badge" was reported in September.
O κλάδος των μεταφορών είναι ένας από τους κορυφαίους κλάδους για το brand phishing, δεύτερος μετά την τεχνολογία. Καθώς οδεύουμε προς την πιο δυναμική περίοδο για τις λιανικές πωλήσεις του έτους, η CPR θα συνεχίσει να παρακολουθεί τις απάτες που σχετίζονται με τη μεταφορά, καθώς οι δράσεις θα αυξήσουν πιθανότατα τις προσπάθειές τους να εκμεταλλευτούν τους online buyers.
“Phishing is the most common type of social engineering, which is a general term that describes attempts to manipulate or deceive users. It is an increasingly common threat vector used in most security incidents,” commented Omer Dembinsky, Data Research Group Manager at Check Point. “In the third quarter, we saw a dramatic decrease in the number of LinkedIn-related phishing attempts, which reminds us that cybercriminals often change their tactics to increase their chances of success.
Εξακολουθεί όμως να είναι η τρίτη πιο συχνά αντιγραφόμενη εταιρεία, γι' αυτό θα προτρέπαμε όλους τους χρήστες να είναι προσεκτικοί σε οποιαδήποτε μηνύματα ηλεκτρονικού ταχυδρομείου ή επικοινωνίες που υποτίθεται ότι προέρχονται από το LinkedIn. Τώρα που η DHL είναι η μάρκα που είναι πιο πιθανό να μιμηθούν, είναι ζωτικής σημασίας όποιος περιμένει μια παράδοση να πηγαίνει κατευθείαν στον επίσημο ιστότοπο για να ελέγξει την πρόοδο ή/και τις alerts. Do not trust any email, especially those that ask for information to be shared."
In a phishing attack, criminals try to impersonate the official website of a well-known company, using a similar domain name or address URL and website design with the original website.
The link to the fake website can be sent to targeted individuals via email or text message, the user can be redirected while browsing the web, or it can be activated by a fraudulent mobile phone app. The fake site often contains a form designed to steal users' credentials, payment information, or other personal information.
Top phishing brands in the 3rd quarter of 2022
The following are the top brands that rank based on their overall appearance in brand phishing attempts:
- DHL (related to 22% of all phishing attacks worldwide)
- Microsoft (16%)
- LinkedIn (11%)
- Google (6%)
- Netflix (5%)
- WeTransfer (5%)
- Walmart (5%)
- WhatsApp (4%)
- HSBC (4%)
- Instagram (3%)
DHL Phishing Email – Example of account theft
As part of campaigns using DHL branding that appeared during Q3 2022, we observed a malicious phishing email sent from a webmail address “info@lincssourcing[.]com” and spoofed to appear to be sent from by "DHL Express". The email contained the subject- “Undelivered DHL(Parcel/Shipment)”, and the content (see Figure 1) tries to convince the victim to click on a malicious link, claiming that there is a delivery intended for them and can be shipped immediately after updating the delivery address.
This link leads to a malicious website- “https://bafybeig4warxkemgy6mdzooxeeuglstk6idtz5dinm7yayeazximd3azai[.]ipfs[.]w3s[.]link/dshby[.]html/” (see Figure 2) which requires you to enter your username and password. victim's password.
Phishing email OneDrive – Account theft example
In this phishing email, we see an attempt to steal a user's Microsoft account information.
The email (see Figure 1), which was sent from the webmail address “websent@jointak.com.hk” with a fake sender name – “OneDrive”, contained the subject “A document titled 'Proposal' has been shared with your OneDrive". The attacker tries to trick the victim into clicking on the malicious link by claiming that an important document titled “Proposal” has been shared with them on OneDrive.
This malicious link – ” https://mail-supp-365[.]herokuapp[.]com/” redirects the user to a fake Microsoft web app login page (see Figure 2) where the user has to enter his account password.
As always, we encourage users to exercise caution when disclosing personal data and credentials on business applications or websites and to think twice before opening email attachments or links, especially emails claiming to be from companies such as DHL, Microsoft or LinkedIn, as it is more likely to be an impersonation.
